Legal
Privacy Policy
Last Updated: 13 March 2026 · Effective Date: 13 March 2026
1. Introduction
Lotus Helm ("we", "our", or "us") is committed to protecting the personal data of individuals who interact with our website and consulting services. This Privacy Policy explains how we collect, use, store, and protect your information when you visit lotus-helm.live or engage with our services.
We operate from 142 Sukhumvit Soi 21, Watthana, Bangkok 10110, Thailand, and our practice is subject to Thai law, including the Personal Data Protection Act B.E. 2562 (PDPA).
Questions about this policy may be directed to: [email protected]
2. Data We Collect
When you contact us, submit a form, or engage with our services, we may collect the following categories of personal data:
- Contact information: Name, email address, telephone number
- Business information: Company name, role, nature of enquiry
- Communication content: Messages submitted through our contact form or sent by email
- Website usage data: IP address, browser type, pages visited, time on site (collected through analytics tools where consent is given)
- Cookie data: As described in our Cookie Policy
We do not collect special categories of personal data (such as health, financial account details, or political opinions) through our website.
3. How We Use Your Data
Personal data is used for the following purposes:
- Responding to enquiries submitted through our contact form
- Managing consulting engagements where an agreement has been reached
- Sending service-related communications during an active engagement
- Improving the functionality and content of our website (where analytics consent is given)
- Complying with legal obligations applicable to our practice in Thailand
We do not use your data for unsolicited marketing, and we do not sell or lease personal data to third parties.
4. Legal Basis for Processing
Under the PDPA, we rely on the following legal bases depending on the activity:
- Consent: For optional analytics cookies and marketing communications
- Contractual necessity: For processing data necessary to deliver a consulting engagement
- Legitimate interests: For responding to enquiries and improving our services, where this does not override your fundamental rights
- Legal obligation: Where we are required to retain or process data to comply with applicable law
5. Data Retention
We retain personal data for the following periods:
- Enquiry data (not converted to an engagement): up to 6 months from last contact
- Engagement-related data: up to 5 years from engagement close, for legal and professional record-keeping purposes
- Website analytics data: as specified by the analytics provider's data retention settings, typically up to 26 months
After the applicable retention period, data is deleted or anonymized.
6. Data Protection Measures
We take reasonable technical and organizational measures to protect personal data from unauthorized access, loss, or disclosure. These include:
- Encrypted email and document storage for engagement materials
- Restricted access controls on systems containing client data
- Confidentiality obligations on all staff and associates
- Periodic review of our data handling practices
In the event of a data breach involving your personal data, we will notify affected individuals and the relevant authorities in accordance with PDPA requirements.
7. Cookies
This website uses cookies to support basic functionality and, where consent is given, to collect anonymous usage data. For full information, please refer to our Cookie Policy.
8. Third-Party Services
We may use the following third-party services, each subject to their own privacy policies:
- Google Analytics: Website usage analysis (only with analytics cookie consent)
- Email service providers: For sending transactional email communications
We do not share personal data with third parties for advertising purposes.
9. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend reviewing their privacy policies independently.
10. Your Rights Under the PDPA
Under Thailand's Personal Data Protection Act, you have the following rights regarding your personal data:
- Right to access: Request confirmation of whether we hold your data and obtain a copy
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations
- Right to restrict processing: Request that we limit how we use your data in certain circumstances
- Right to data portability: Request your data in a structured, machine-readable format where technically feasible
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you believe your rights have not been respected, you may lodge a complaint with the Office of the Personal Data Protection Committee (PDPC) in Thailand.
11. Children's Privacy
Our services are directed exclusively at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.
12. Changes to This Policy
We may update this Privacy Policy periodically. When we do, the "Last Updated" date at the top of this page will be revised. We encourage you to review this page occasionally to stay informed of how your data is handled. Material changes will be communicated to active clients directly.
13. Contact Information
For any privacy-related enquiries or to exercise your data rights:
- Email: [email protected]
- Address: Lotus Helm, 142 Sukhumvit Soi 21, Watthana, Bangkok 10110, Thailand
- Phone: +66 2 251 4897